new york september 2008 ignite, sam lessin on privacy
DESCRIPTION
sam lessin's presentation on privacy at Ignite NYC in September 2008TRANSCRIPT
a very brief history of privacy in our data deluged world,
Sam Lessin @ drop.io
Voice Over (1/2):
1. hi, my name is sam lessin, and I am going to be speaking a bit about digital privacy - something i spend most of my days working on in one way or another
2. for starters, what is privacy. people pre-pend the word in phrases like private thoughts, a private journal, private bedroom exploits, or private plans to take over the world - but there are precious few good definitions of what the term actually means
3. The best way to describe privacy is as the limited transmission of information over time and/or between people. It is about moving information from a trusted point A to a trusted point B without exposure.
4. why do we care about privacy? isn't it dead? -- we care because in all sorts of scenarios the value of information is inversely related to how public it is. from corporate secrets, to gambling and the stock market, to even personal intimacy
5. fundamentally you are only as private as your weakest communicative link. the model for a private exchange is a one to one discussion in the middle of nowhere. Output directly to Input. But the reality is that as we have made communication more efficient we tend to rely on more intermediaries to communicate.
6. as with many things, one of the most interesting testing grounds for privacy is WAR. during war private information is extremely valuable to all sides.... and you frequently have to use untrustworthy links in the communicative chain. The solution that evolved quickly was 'security'
7. all security is breakable - it functions by changing the cost structure of information. You pay a cost to secure your information(which is less expensive than the info transmitted is valuable)... the key is to make it expensive enough for the enemy to break your security that it isn't worth it.
8. the reality is that outside of war, until very very recently most information was harmless/ mostly valueless on a mass scale- so people were not very concerned about privacy. There simply was little to 'steal' from you information wise, so you didn't have to incur much cost to protect your information.
9. three little familiar concepts, however, changed all that. the cost of and therefore volume of communication, information storage, and compute power have changed the equation by making useless data useful and by making privacy measures much more expensive on a relative basis.
10. these cost changes have drastically changed the amount of communication, the amount of communication that is saved, and theability to access that information. this is a HUGE deal
Voice Over (2/2):
11. people have been freaking out about this for a long time. Max Weber wrote about all these concepts and their impact with regards to 'bureaucracy' and people have been updating the concepts all the way through Foucault's Power-Knowledge in "Discipline and Punish"
12. interestingly, all this information and organization did allow for a new mechanism of non-secure 'privacy'. Simply trust your privacy to them and the law. it is a felony to open mail
13. this worked relatively well, because even up through very recent history, little information was valuable and few people were in a position to break trust.
14. Internet changes all that - all of a sudden lots of information was valuable at scale, and lots of people could touch it
15. institutions break down - laws don't work if you can't enforce them -- and with data flowing beyond boards and no transparency into who has what = no enforcement
16. go military style? doesn't work - because security only works on cost differentials. Security isn't getting cheaper faster than breaking security, information is getting more valuable for the bad guys and the good guys.
17. in fact, we are worse off than military information - value of which is very perishable - our data lasts forever - so if you can't break today break tomorrow
18. this really really sucks for your kids - because 'public key' security is going to crumble with quantum computing - so traditional security will melt.
19. so what should we do - future of privacy is about unwinding - decentralize, de-tag, destroy... you are also going to end up with less 'privacy' - which is good, because you can sell your privacy for great stuff online
20. recap -
WTF is privacy?
the limited transmission of info…
over time between people
So What?
IO
I(OI)O
I(OI)(OI)(OI)(OI)O
I(OI)(OI)(OI)(OI)(OI)(OI)(OI)(OI)O
Only as private as your least trusted link…
I(OI)(OI)(OI)(OI) (OI)(OI)(OI)(OI)(OI)(OI)(OI)(OI)O
OH CRAP, better use a code
Vi(1) – Cs(1) > Vi(2) – Cs(2)
Security is based onRelative Values and Relative Costs
Ye’ old info = “mostly harmless”
CommunicationStorageCompute
All of Human History
~years
volume
Language
Writing
Printing Press
type writer
Morse code
Telephone
Internet
Alexandria
Widner
Googlie
Dewey Decimal
Crazy Monks
VaticanCounting
Calculus
Computer
Network
Modern BureaucracyLOC
Dog Pile
Cuil
Freaking out, moderate old school
OH CRAP (new school peacetime)
OH CRAP (1980s peacetime)
…then the intertubes
~years
value of your crap
all your crap is valuable*!
Institutions can’t save you
I(OI)(OI)(OI)(OI)(OI)(OI)(OI)(OI)O
?
go military style? = fail
Vi(1) – Cs(1) > Vi(2) – Cs(2)
Suckers
really sucks for your kids…
Future History: Back to Black
1. decentralize
2. de-tag
3. destroy
4. (give up)
DON’T PANIC, just be conscious
1. Privacy = limited transmission of info
2. Security = method for maintaining privacy across un-trusted IO
3. Digital makes worthless crap valuable
4. Chill out, tread lightly
http: //drop.io/swltwitter @lessin